Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a public Certificate Authority, but they can also be self-signed (the certificate is its own CA) or issued by a private CA.

1287 questions

27 votes, 5 answers

Where do companies typically store SSL certificates for future use?

We recently bought a wildcard SSL cert for our domain. We converted all of the certs to a Java keystore, but now we are asking ourselves where we should store these for later use. Do people use source control like BitBucket for these types of files…
AmericanKryptonite

26 votes, 5 answers

What host name should the SSL certificate for an SMTP server contain?

I have a server foo.example.com at 192.0.2.1. It runs exim to receive e-mail for several of my domains. My domains each have an MX record pointing to mx.example.com, which resolves to 192.0.2.1. If I want to make exim offer TLS encryption for incoming…
David North

25 votes, 9 answers

Multiple domains with SSL on same IP

I know that a dedicated IP is needed for setting up SSL. What happens if we add SSL for domains sharing an IP? (NameVirtualHost)
nitins

24 votes, 9 answers

Can I be my own trusted CA via a signed intermediate certificate?

Can I get a certificate from a root CA that I can then use to sign my own web server certificates? I would, if possible, use a signed certificate as an intermediate to sign other certs. I know that I would have to configure my systems in a certain…
Clint Miller

22 votes, 3 answers

How do I create the identity certificate required to set up Mobile Device Management on an iOS device?

I'm trying to provision an iOS device to be managed using the Apple MDM capabilities. Using the iPhone Configuration Utility, I'm trying to create a configuration profile. Under the Mobile Device Management section, I can set up everything except…
Chris Vasselli

21 votes, 1 answer

How to Grant IIS 7.5 access to a certificate in certificate store?

In Windows 2003 it was simple to do and one could use the winhttpcertcfg.exe (download) to give "NETWORK SERVICE" account access to a certificate. I'm now using Windows Server 2008 R2 with IIS 7.5 and I am unable to find where and how to set…
thames

20 votes, 5 answers

Listing domains on a UCC/SAN SSL Certificate

Is there a way to list all domains on a SAN/UCC SSL Certificate (ideally using the command line on Linux/OS X)? Clearly there must be some way to extract the data, since browsers can do it. Unfortunately, I can see the list but can't cut and paste it.
Jordan Reiter

19 votes, 2 answers

How do I set up an sftp user to log in with a password to an EC2 Ubuntu server?

I have an Ubuntu Server running on an EC2 instance. To log in to that server I use a certificate file without any password. I've installed and configured vsftpd and created a user (let's call him "testuser") for which I've set a /bin/false ssh…
Doron

18 votes, 5 answers

Do any well-known CAs issue Elliptic Curve certificates?

Background: I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site. Does Certicom have intellectual property rights that prevent other issuers from…
erickson

18 votes, 6 answers

How to add multiple DNS names to my puppetmaster?

My puppet.conf on the master: [master] certname = myname.mydomain.com ca_server = myname.mydomain.com certdnsnames = puppet;puppet.local;myname.dyndns.org;hivemind.local; For my understanding, with the certdnsnames defined the following should…
c33s

17 votes, 4 answers

How to create a multi-domain self-signed certificate for Apache2?

I've got a little private webserver where I have several virtualhosts. I know that it's impossible to assign a certificate to each individual virtualhost, because the server finds out which virtualhost was requested only AFTER the SSL connection has…
Vilx-

17 votes, 2 answers

Does reissuing an SSL certificate invalidate the previously-issued certificate?

I used the "reissue certificate" functionality at an SSL certificate vendor (RapidSSL, FWIW) to get a new certificate - in doing so, I created and used a new private key and pass phrase. Will the re-issuance of this certificate cause the…
Cooper

16 votes, 1 answer

PEM File "CERTIFICATE" vs "PUBLIC KEY"

I have a PEM file that looks like: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- which I can convert to another PEM file using: openssl x509 -in key.crt -pubkey -noout. The new PEM file now looks like: -----BEGIN PUBLIC…
Alex Rothberg

16 votes, 2 answers

How to allow RDP access based on client certificate

How can I limit (RDP) access to a Windows Server not only by username/password but also with a client certificate? Imagine creating a certificate and copying this to all computers from which I want to be able to access the server from. This would…
kcode

16 votes, 2 answers

Free OCSP server for testing purposes?

Can anyone recommend a free and simple OCSP server for Windows or Linux?
StackedCrooked